[Xen-changelog] [xen master] x86emul: correct VEX/XOP/EVEX operand size handling for 16-bit code
commit beb82042447c5d6e7073d816d6afc25c5a423cde Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Wed Jan 25 15:08:59 2017 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Wed Jan 25 15:08:59 2017 +0100 x86emul: correct VEX/XOP/EVEX operand size handling for 16-bit code Operand size defaults to 32 bits in that case, but would not have been set that way in the absence of an operand size override. Reported-by: Wei Liu <wei.liu2@xxxxxxxxxx> (by AFL fuzzing) Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- xen/arch/x86/x86_emulate/x86_emulate.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c index 5bb5bdf..6f81cc7 100644 --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -2323,6 +2323,11 @@ x86_decode( case 8: /* VEX / XOP / EVEX */ generate_exception_if(rex_prefix || vex.pfx, EXC_UD); + /* + * With operand size override disallowed (see above), op_bytes + * should not have changed from its default. + */ + ASSERT(op_bytes == def_op_bytes); vex.raw[0] = modrm; if ( b == 0xc5 ) @@ -2351,7 +2356,8 @@ x86_decode( } else { - ASSERT(op_bytes == 4); + /* Operand size fixed at 4 (no override via W bit). */ + op_bytes = 4; vex.b = 1; } switch ( b ) -- generated by git-patchbot for /home/xen/git/xen.git#master _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
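Review bot: the new `ASSERT(op_bytes == def_op_bytes)` in the first hunk only checks the invariant in debug builds, and its comment's "(see above)" points at the `generate_exception_if(rex_prefix || vex.pfx, EXC_UD)` line immediately before it; name that check explicitly in the comment so the dependency is clear if the two lines are ever separated. The hunk also does not show where `def_op_bytes` is set, so confirm it is in scope here and still holds the mode's default (16 bits for the 16-bit code case the commit message describes) at this point in x86_decode().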
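Review bot: in the second hunk, replacing `ASSERT(op_bytes == 4)` with `op_bytes = 4` is the actual fix, since per the commit message the 16-bit default would otherwise have been left in place with no override present, and the old assertion only ever documented a wrong assumption (and did nothing in non-debug builds). The hunk shows only the `else` branch that also sets `vex.b = 1`; the two-byte VEX path behind `if ( b == 0xc5 )` in the first hunk is not shown to reach this branch, so confirm that path also ends with `op_bytes == 4` in 16-bit code, given that the commit message describes the fix as covering VEX/XOP/EVEX generally.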